Qualys Cloud Platform 2.32 New Features

This release of the Qualys Cloud Platform version 2.32 includes updates and new features for AssetView, EC2 Connector, File Integrity Monitoring, Indication of Compromise, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. (Post updated 3/23 to include new FIM features for this release.)

AssetView

AWS EC2 Inventory and Security Dashboard – a new dashboard “AWS EC2 WORKLOAD SECURITY – Overview” is available based on search queries across the different attributes collected for EC2 instances. The dashboard provides visibility into AWS EC2 instances and security posture collected via the EC2 Connector and pre-authorized scanners.

EC2 Connector

AWS EU Region (Paris) support – Region Name “EU (Paris)” with Region Code “eu-west-3” is now supported in the EC2 Connector

File Integrity Monitoring

Event Review – A new event review workflow has been introduced in conjunction with Change Incident tracking. You can now review events and quickly group together related events. Once reviewed, events will no longer be shown in the event review workflow, so you can be sure that no important events were overlooked. You can still search All Events for forensic investigation and other use cases via the All Events tab. The Event Review process works tightly with the Change Incident tracking system and the Ignored Events capabilities in this release.

Change Incidents – You can now organize FIM events into Incidents, allowing you to group together related events and track the reason for the change and other incident details. This enables you to meet auditor review requirements for PCI and other regulatory requirements and simplifies the event review process. Incidents can be categorized and change control violations can also be tracked using a combination of change type details, disposition, and approval tracking

Ignore Events – You can now search for events and mark them as ignored, removing them from being displayed in your event searches. This can be used to remove events generated unintentionally, such as temp files or other undesired system event noise that may be generated while you are tuning your monitoring profiles. Events are moved to the “Ignored” events tab and can be restored if needed.

Indication of Compromise

Import/Export Dashboards – you can now import and export Dashboards (with corresponding widgets) similar to AssetView

Security Assessment Questionnaire

New Respondents User Interface – a new user interface for all types of respondents including reviewers and approvers is provided

Web Application Scanning

Detection Scope Categories – different categories of vulnerabilities can now be selected for detection scope within an option profile. This allows for targeted scans and offers an alternative to using static and dynamic search lists.

Test Authentication – this new option, if enabled for your subscription, is available from the Quick Actions menu, allows you to quickly test the scanner’s ability to authenticate to a web application [updated Mar 16]

Exclude Parameters – you can now exclude specific parameters from testing to improve a scan’s efficiency and effectiveness. Exclusions can be defined for URL parameters, request body parameters, or cookies.

Update to 2017 OWASP Top 10 – identified vulnerabilities are now mapped to the 2017 edition of the OWASP Top 10 replacing the 2013 edition

New CSV report – a new CSV report (“v2”) has been implemented to include additional columns for each finding

Web Application Firewall

Scheduled Software Version Upgrades – you can now schedule automatic upgrades within specific time-ranges, allowing you to stay with the latest appliance software version

Web Services Protection – you can now protect your web services and REST/APIs through a native protection added to the HTTP Profile (see the new “Web Services” section). Support includes a new WAF QID (226022) in addition to all existing QIDs detected within the XML/JSON envelope.

Custom Responses with Custom Rules – custom response pages can be triggered by custom rules, providing the ability to dissociate responses based on Custom Rule conditions

Creating Exceptions with Custom Rules – creating exceptions with the custom rule component simplifies the false-positive management process. You can now disable a given QID or a subset of QIDs when it raises a violation that is not legitimate, based on your policy settings.